AbstractUserAuthentication implements LoggerAwareInterface uses LoggerAwareTrait, CookieHeaderTrait

Abstract: Yes

Authentication of users in TYPO3

This class is used to authenticate a login user. It is used by both the frontend and the backend; in both cases it is the parent class of BackendUserAuthentication and FrontendUserAuthentication.

Table of Contents

Interfaces

LoggerAwareInterface

Properties

$checkPid  : bool
If set, the user-record must be stored at the page defined by $checkPid_value
$checkPid_value  : int|string|null
The page id the user record must be stored at, can also hold a comma separated list of pids
$enablecolumns  : array<string|int, mixed>
Enable field columns of user table
$loginType  : string
Login type, used for services.
$name  : string
Session/Cookie name
$uc  : array<string|int, mixed>
User Settings (= preferences)
$user  : array<string|int, mixed>|null
$user_table  : string
Table in database with user data
$usergroup_column  : string
Column for user group information
$usergroup_table  : string
Table in database with user groups
$userGroups  : array<string|int, mixed>
This array will hold the groups that the user is a member of
$userid_column  : string
Column for user-id
$userident_column  : string
Column for password
$username_column  : string
Column for login-name
$writeAttemptLog  : bool
Log failed login attempts
$writeStdLog  : bool
Decides if the writelog() function is called at login and logout
$dontSetCookie  : bool
Will prevent the setting of the session cookie
$formfield_status  : string
Form field with status: 'login' or 'logout'. If empty, the login is not verified.
$formfield_uident  : string
Form field with password
$formfield_uname  : string
Form field with login-name
$lastLogin_column  : string
Column name for last login timestamp
$loginSessionStarted  : bool
Will be set to TRUE if the login session is actually written during auth-check.
$setCookie  : SetCookieBehavior
If set, this cookie will be set to the response.
$userSession  : UserSession|null
$userSessionManager  : UserSessionManager

Methods

__construct()  : mixed
Initialize some important variables
appendCookieToResponse()  : ResponseInterface
Used to apply a cookie to a PSR-7 Response.
checkAuthentication()  : mixed
Checks if a submission of username and password is present or use other authentication by auth services
createUserSession()  : UserSession
Creates a user session record and returns its values.
enforceNewSessionId()  : mixed
Regenerates the session ID and sets the cookie again.
getAuthInfoArray()  : array<string|int, mixed>
Returns an info array which provides additional information for auth services
getLoginFormData()  : array<string|int, mixed>
Returns an info array with Login/Logout data submitted by a form or params
getModuleData()  : mixed
Gets module data for a module (from a loaded ->uc array)
getRawUserByName()  : array<string|int, mixed>
Fetching raw user record with username=$name
getRawUserByUid()  : array<string|int, mixed>
Fetching raw user record with uid=$uid
getSession()  : UserSession
getSessionData()  : mixed
Returns the session data stored for $key.
getUserId()  : int|null
getUserName()  : string|null
initializeUserSessionManager()  : void
Currently needed for various unit tests, until start() and checkAuthentication() methods are smaller and extracted from this class.
isActiveLogin()  : bool
isMfaSetupRequired()  : bool
Whether the user is required to set up MFA
logoff()  : mixed
Log out current user! Removes the current session record and sets the internal ->user array to a blank string; thereby the current user (if any) is effectively logged out!
processLoginData()  : array<string|int, mixed>
Processes Login data submitted by a form or params
pushModuleData()  : void
Stores data for a module.
removeCookie()  : mixed
Empty / unset the cookie
setAndSaveSessionData()  : mixed
Sets the session data ($data) for $key and writes all session data (from ->user['ses_data']) to the database.
setBeUserByName()  : mixed
Raw initialization of the be_user with username=$name
setBeUserByUid()  : mixed
Raw initialization of the be_user with uid=$uid. This will circumvent all login procedures, select a be_users record from the database and set the content of ->user to the record selected.
setSessionData()  : mixed
Set session data by key.
start()  : mixed
Starts a user session. Typical configurations will: a) check if the session cookie was set and, if not, set one; b) check if a password/username was sent and, if so, try to authenticate the user; c) look up a session attached to a user and check timeout etc.
writelog()  : mixed
DUMMY: Writes to log database table (in some extension classes)
writeUC()  : mixed
This writes $this->uc to the user-record. This is a way of providing session-data.
evaluateMfaRequirements()  : void
This method checks if the user is authenticated but has not succeeded in passing his MFA challenge. This method can therefore only be used if a user has been authenticated against his first authentication method (username+password or any other authentication token).
fetchPossibleUsers()  : array<string|int, mixed>
Loads users from various sources (= authentication services) as an array of arrays.
fetchValidUserFromSessionOrDestroySession()  : array<string|int, mixed>|null
If the session is bound to a user, this method fetches the user record, and returns it.
getAuthServiceConfiguration()  : array<string|int, mixed>
"auth" services configuration array from $GLOBALS['TYPO3_CONF_VARS']['SVCONF']['auth']
getAuthServices()  : Traversable
Initializes authentication services to be used in a foreach loop
isCookieSet()  : bool
Returns whether this request is going to set a cookie or a cookie was already found in the system
isRefreshTimeBasedCookie()  : bool
Determine whether a non-session cookie needs to be set (lifetime>0)
isSetSessionCookie()  : bool
Determine whether a session cookie needs to be set (lifetime=0)
performLogoff()  : mixed
Perform the logoff action. Called from logoff() as a way to allow subclasses to override what happens when a user logs off, without needing to reproduce the hook calls and logging that happens in the public logoff() API method.
regenerateSessionId()  : mixed
Regenerate the session ID and transfer the session to the new ID. Call this method whenever a user proceeds to a higher authorization level, e.g. when an anonymous session is now authenticated.
removeSensitiveLoginDataForLoggingInfo()  : mixed
Removes any sensitive data from the incoming data (either from loginData, processedLogin data or the user record from the DB).
setSessionCookie()  : mixed
Sets the setCookie directive to "Send", which will then result in appending a new cookie to the PSR-7 response, see appendCookieToResponse().
shallSetSessionCookie()  : bool
Determines whether setting the session cookie is generally enabled, or the current session is a non-session cookie (FE permalogin).
unpack_uc()  : mixed
Unserializes the user configuration from the user record into $this->uc
updateLoginTimestamp()  : mixed
Updates the last login column in the user with the given id
userConstraints()  : QueryRestrictionContainerInterface
This returns the restrictions needed to select the user respecting enable columns and flags like deleted, hidden, starttime, endtime and rootLevel

Properties

$checkPid

If set, the user-record must be stored at the page defined by $checkPid_value

public bool $checkPid = true

$checkPid_value

The page id the user record must be stored at, can also hold a comma separated list of pids

public int|string|null $checkPid_value = 0

$enablecolumns

Enable field columns of user table

public array<string|int, mixed> $enablecolumns = [
    'rootLevel' => '', // Boolean: If TRUE, 'AND pid=0' will be a part of the query...
    'disabled' => '',
    'starttime' => '',
    'endtime' => '',
    'deleted' => '',
]

$loginType

Login type, used for services.

public string $loginType = ''

$name

Session/Cookie name

public string $name = ''

$uc

User Settings (= preferences)

public array<string|int, mixed> $uc = []

$user

public array<string|int, mixed>|null $user

Contains user- AND session-data from the database (joined tables).

Internal

$user_table

Table in database with user data

public string $user_table = ''

$usergroup_column

Column for user group information

public string $usergroup_column = ''

$usergroup_table

Table in database with user groups

public string $usergroup_table = ''

$userGroups

This array will hold the groups that the user is a member of

public array<string|int, mixed> $userGroups = []

$userid_column

Column for user-id

public string $userid_column = ''

$userident_column

Column for password

public string $userident_column = ''

$username_column

Column for login-name

public string $username_column = ''

$writeAttemptLog

Log failed login attempts

public bool $writeAttemptLog = false

$writeStdLog

Decides if the writelog() function is called at login and logout

public bool $writeStdLog = false

$dontSetCookie

Will prevent the setting of the session cookie

protected bool $dontSetCookie = false
Internal

$formfield_status

Form field with status: 'login' or 'logout'. If empty, the login is not verified.

protected string $formfield_status = ''
Internal

$formfield_uident

Form field with password

protected string $formfield_uident = ''
Internal

$formfield_uname

Form field with login-name

protected string $formfield_uname = ''
Internal

$lastLogin_column

Column name for last login timestamp

protected string $lastLogin_column = ''
Internal

$loginSessionStarted

Will be set to TRUE if the login session is actually written during auth-check.

protected bool $loginSessionStarted = false
Internal

$setCookie

If set, this cookie will be set to the response.

protected SetCookieBehavior $setCookie = \TYPO3\CMS\Core\Http\SetCookieBehavior::None

Methods

__construct()

Initialize some important variables

public __construct() : mixed
Tags
throws
Exception

appendCookieToResponse()

Used to apply a cookie to a PSR-7 Response.

public appendCookieToResponse(ResponseInterface $response[, NormalizedParams|null $normalizedParams = null ]) : ResponseInterface
Parameters
$response : ResponseInterface
$normalizedParams : NormalizedParams|null = null
Internal
Tags
todo:

should go into a middleware?

Return values
ResponseInterface

checkAuthentication()

Checks if a submission of username and password is present or use other authentication by auth services

public checkAuthentication(ServerRequestInterface $request) : mixed
Parameters
$request : ServerRequestInterface
Internal
Tags
throws
MfaRequiredException

createUserSession()

Creates a user session record and returns its values.

public createUserSession(array<string|int, mixed> $userRecordCandidate) : UserSession
Parameters
$userRecordCandidate : array<string|int, mixed>

User data array

Return values
UserSession

The session data for the newly created session.

enforceNewSessionId()

Regenerates the session ID and sets the cookie again.

public enforceNewSessionId() : mixed
Internal

getAuthInfoArray()

Returns an info array which provides additional information for auth services

public getAuthInfoArray(ServerRequestInterface $request) : array<string|int, mixed>
Parameters
$request : ServerRequestInterface
Internal
Return values
array<string|int, mixed>

getLoginFormData()

Returns an info array with Login/Logout data submitted by a form or params

public getLoginFormData(ServerRequestInterface $request) : array<string|int, mixed>
Parameters
$request : ServerRequestInterface
Internal
Return values
array<string|int, mixed>

getModuleData()

Gets module data for a module (from a loaded ->uc array)

public getModuleData(string $module[, string $type = '' ]) : mixed
Parameters
$module : string

Is the identifier of the module, e.g. "web_info"

$type : string = ''

If $type = 'ses' then module data is returned only if it was stored in the current session, otherwise data from a previous session will be returned (if available).

Return values
mixed

The module data if available: $this->uc['moduleData'][$module];

getRawUserByName()

Fetching raw user record with username=$name

public getRawUserByName(string $name) : array<string|int, mixed>
Parameters
$name : string

The username to look up.

Internal
Tags
see
AbstractUserAuthentication::getUserByUid()
Return values
array<string|int, mixed>

user record or FALSE

getRawUserByUid()

Fetching raw user record with uid=$uid

public getRawUserByUid(int $uid) : array<string|int, mixed>
Parameters
$uid : int

The UID of the backend user to set in ->user

Internal
Return values
array<string|int, mixed>

user record or FALSE

getSessionData()

Returns the session data stored for $key.

public getSessionData(string $key) : mixed

The data will last only for this login session since it is stored in the user session.

Parameters
$key : string

The key associated with the session data

getUserId()

public getUserId() : int|null
Return values
int|null

getUserName()

public getUserName() : string|null
Return values
string|null

initializeUserSessionManager()

Currently needed for various unit tests, until start() and checkAuthentication() methods are smaller and extracted from this class.

public initializeUserSessionManager([UserSessionManager|null $userSessionManager = null ]) : void
Parameters
$userSessionManager : UserSessionManager|null = null
Internal

isActiveLogin()

public isActiveLogin(ServerRequestInterface $request) : bool
Parameters
$request : ServerRequestInterface
Return values
bool

isMfaSetupRequired()

Whether the user is required to set up MFA

public isMfaSetupRequired() : bool
Internal
Return values
bool

logoff()

Log out current user! Removes the current session record and sets the internal ->user array to a blank string; thereby the current user (if any) is effectively logged out!

public logoff() : mixed

processLoginData()

Processes Login data submitted by a form or params

public processLoginData(array<string|int, mixed> $loginData, ServerRequestInterface $request) : array<string|int, mixed>
Parameters
$loginData : array<string|int, mixed>

Login data array

$request : ServerRequestInterface
Internal
Return values
array<string|int, mixed>

pushModuleData()

Stores data for a module.

public pushModuleData(string $module, mixed $data[, bool $dontPersistImmediately = false ]) : void

The data is stored with the session ID, so you can even check upon retrieval if the module data is from a previous session or from the current session.

Parameters
$module : string

Is the identifier of the module, e.g. "web_info"

$data : mixed

Is the data you want to store for that module (array, string, ...)

$dontPersistImmediately : bool = false

If set, then the ->uc array (which carries all kinds of user data) is NOT written immediately, but must be written by some subsequent call.

removeCookie()

Empty / unset the cookie

public removeCookie([string|null $cookieName = null ]) : mixed
Parameters
$cookieName : string|null = null

usually, this is $this->name

Internal

setAndSaveSessionData()

Sets the session data ($data) for $key and writes all session data (from ->user['ses_data']) to the database.

public setAndSaveSessionData(string $key, mixed $data) : mixed

The data will last only for this login session since it is stored in the session table.

Parameters
$key : string

Pointer to an associative key in the session data array which is stored serialized in the field "ses_data" of the session table.

$data : mixed

The data to store in index $key

setBeUserByUid()

Raw initialization of the be_user with uid=$uid. This will circumvent all login procedures, select a be_users record from the database and set the content of ->user to the record selected.

public setBeUserByUid(int $uid) : mixed

Thus the BE_USER object will appear as if a user was authenticated, however without a session id and, of course, without the fields from the session table. Will check the user for disabled, start/endtime, etc. ($this->user_where_clause())

Parameters
$uid : int

The UID of the backend user to set in ->user

Internal

setSessionData()

Set session data by key.

public setSessionData(string $key, mixed $data) : mixed

The data will last only for this login session since it is stored in the user session.

Parameters
$key : string

A non empty string to store the data under

$data : mixed

Data to store in the session

start()

Starts a user session. Typical configurations will: a) check if the session cookie was set and, if not, set one; b) check if a password/username was sent and, if so, try to authenticate the user; c) look up a session attached to a user and check timeout etc.

public start(ServerRequestInterface $request) : mixed

d) Garbage collection, setting of no-cache headers. If a user is authenticated the database record of the user (array) will be set in the ->user internal variable.

Parameters
$request : ServerRequestInterface

writelog()

DUMMY: Writes to log database table (in some extension classes)

public writelog(int $type, int $action, int $error, int $details_nr, string $details, array<string|int, mixed> $data, string $tablename, int|string $recuid, int|string $recpid) : mixed
Parameters
$type : int

denotes which module submitted the entry. This is the current list: 1=tce_db; 2=tce_file; 3=system (eg. sys_history save); 4=modules; 254=Personal settings changed; 255=login / out action: 1=login, 2=logout, 3=failed login (+ errorcode 3), 4=failure_warning_email sent

$action : int

denotes which specific operation wrote the entry (eg. 'delete', 'upload', 'update' and so on...). Specific for each $type. Also used to trigger an update of the interface. (See the log-module for the meaning of each number!)

$error : int

flag. 0 = message, 1 = error (user problem), 2 = System Error (which should not happen), 3 = security notice (admin)

$details_nr : int

The message number. Specific for each $type and $action. In the future this will make it possible to translate error messages to other languages.

$details : string

Default text that follows the message

$data : array<string|int, mixed>

Data that follows the log. Might be used to carry special information. If an array, the first 5 entries (0-4) will be sprintf'ed into the details-text...

$tablename : string

Special field used by tce_main.php. These ($tablename, $recuid, $recpid) hold the reference to the record which the log-entry is about. (Was used in attic status.php to update the interface.)

$recuid : int|string

Special field used by tce_main.php. These ($tablename, $recuid, $recpid) hold the reference to the record which the log-entry is about. (Was used in attic status.php to update the interface.)

$recpid : int|string

Special field used by tce_main.php. These ($tablename, $recuid, $recpid) hold the reference to the record which the log-entry is about. (Was used in attic status.php to update the interface.)

writeUC()

This writes $this->uc to the user-record. This is a way of providing session-data.

public writeUC() : mixed

You can fetch the data again through $this->uc in this class!

evaluateMfaRequirements()

This method checks if the user is authenticated but has not succeeded in passing his MFA challenge. This method can therefore only be used if a user has been authenticated against his first authentication method (username+password or any other authentication token).

protected evaluateMfaRequirements() : void
Internal
Tags
throws
MfaRequiredException

fetchPossibleUsers()

Loads users from various sources (= authentication services) as an array of arrays.

protected fetchPossibleUsers(array<string|int, mixed> $loginData, bool $activeLogin, bool $isExistingSession, array<string|int, mixed>|null $authenticatedUserFromSession, ServerRequestInterface $request) : array<string|int, mixed>
Parameters
$loginData : array<string|int, mixed>
$activeLogin : bool
$isExistingSession : bool
$authenticatedUserFromSession : array<string|int, mixed>|null

if we have a user from an existing session, this is set here, otherwise null

$request : ServerRequestInterface
Return values
array<string|int, mixed>

fetchValidUserFromSessionOrDestroySession()

If the session is bound to a user, this method fetches the user record, and returns it.

protected fetchValidUserFromSessionOrDestroySession([bool $skipSessionUpdate = false ]) : array<string|int, mixed>|null

If the session has a timeout, the session date is extended if needed. Also the is_online flag is updated for the user.

However, if the session has expired the session is removed and the request is treated as an anonymous session.

Parameters
$skipSessionUpdate : bool = false
Return values
array<string|int, mixed>|null

getAuthServiceConfiguration()

"auth" services configuration array from $GLOBALS['TYPO3_CONF_VARS']['SVCONF']['auth']

protected getAuthServiceConfiguration() : array<string|int, mixed>
Return values
array<string|int, mixed>

getAuthServices()

Initializes authentication services to be used in a foreach loop

protected getAuthServices(string $subType, array<string|int, mixed> $loginData, array<string|int, mixed>|null $authenticatedUserFromSession, ServerRequestInterface $request) : Traversable
Parameters
$subType : string

e.g. getUserFE

$loginData : array<string|int, mixed>
$authenticatedUserFromSession : array<string|int, mixed>|null

the user which was loaded from the session, or null if none was found

$request : ServerRequestInterface
Return values
Traversable

A generator of service objects

isCookieSet()

Returns whether this request is going to set a cookie or a cookie was already found in the system

protected isCookieSet() : bool
Internal
Return values
bool

Returns TRUE if a cookie is set

isRefreshTimeBasedCookie()

Determine whether a non-session cookie needs to be set (lifetime>0)

protected isRefreshTimeBasedCookie() : bool
Internal
Return values
bool

isSetSessionCookie()

Determine whether a session cookie needs to be set (lifetime=0)

protected isSetSessionCookie() : bool
Internal
Return values
bool

performLogoff()

Perform the logoff action. Called from logoff() as a way to allow subclasses to override what happens when a user logs off, without needing to reproduce the hook calls and logging that happens in the public logoff() API method.

protected performLogoff() : mixed

regenerateSessionId()

Regenerate the session ID and transfer the session to the new ID. Call this method whenever a user proceeds to a higher authorization level, e.g. when an anonymous session is now authenticated.

protected regenerateSessionId() : mixed
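The regenerateSessionId() description above states the security rule behind session ID rotation: whenever a session moves to a higher authorization level, the identifier issued before that step must not remain valid afterwards. regenerateSessionId() itself is protected; the public entry point listed on this page is enforceNewSessionId(), which regenerates the ID and re-sets the cookie. The following is an added example, not code from TYPO3 or from this class: a hypothetical helper that rotates the frontend session after a step-up check and stores the result with setAndSaveSessionData(), so the marker lives in the session record (ses_data) rather than in the user record. It assumes the FrontendUserAuthentication instance is available as the request attribute 'frontend.user'; that attribute name and the function name elevateFrontendSession are assumptions, not documented on this page.

```php
<?php
declare(strict_types=1);

use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication;

/**
 * Hypothetical helper (not part of TYPO3): rotate the session ID after a
 * step-up check has passed, record the elevation in the session, and make
 * sure the freshly set cookie reaches the client on the PSR-7 response.
 */
function elevateFrontendSession(ServerRequestInterface $request, ResponseInterface $response): ResponseInterface
{
    // Assumption: the frontend user object is exposed as request attribute 'frontend.user'.
    $frontendUser = $request->getAttribute('frontend.user');

    // getUserId() returns null when no user record is bound to the session;
    // there is nothing to elevate in that case, so leave the response untouched.
    if (!$frontendUser instanceof FrontendUserAuthentication || $frontendUser->getUserId() === null) {
        return $response;
    }

    // Public wrapper around the protected regenerateSessionId(): the old
    // session identifier stops being valid and the cookie is set again.
    $frontendUser->enforceNewSessionId();

    // Session-bound data: lasts only for this login session (stored in ses_data),
    // so the elevation marker disappears together with the session.
    $frontendUser->setAndSaveSessionData('stepUpVerifiedAt', time());

    // Append the pending session cookie to the PSR-7 response.
    return $frontendUser->appendCookieToResponse($response);
}

/**
 * Hypothetical counterpart: read the marker back and decide whether the
 * elevation is still fresh. Returns false for anonymous sessions or when
 * the marker is missing or older than $maxAgeSeconds.
 */
function isStepUpFresh(ServerRequestInterface $request, int $maxAgeSeconds = 900): bool
{
    $frontendUser = $request->getAttribute('frontend.user');
    if (!$frontendUser instanceof FrontendUserAuthentication || $frontendUser->getUserId() === null) {
        return false;
    }
    $verifiedAt = $frontendUser->getSessionData('stepUpVerifiedAt');
    return is_int($verifiedAt) && (time() - $verifiedAt) <= $maxAgeSeconds;
}
```

Note that this page marks enforceNewSessionId() and appendCookieToResponse() as Internal, so code outside the core that calls them is relying on an API that may change between releases; the todo tag on appendCookieToResponse() suggests the cookie handling may move into a middleware.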

removeSensitiveLoginDataForLoggingInfo()

Removes any sensitive data from the incoming data (either from loginData, processedLogin data or the user record from the DB).

protected removeSensitiveLoginDataForLoggingInfo(mixed|array<string|int, mixed> $data[, bool $isUserRecord = false ]) : mixed

No type hinting is added because it might be possible that the incoming data is of any other type.

Parameters
$data : mixed|array<string|int, mixed>
$isUserRecord : bool = false

setSessionCookie()

Sets the setCookie directive to "Send", which will then result in appending a new cookie to the PSR-7 response, see appendCookieToResponse().

protected setSessionCookie() : mixed

In case this method is called, the cookie needs to be set later.

shallSetSessionCookie()

Determines whether setting the session cookie is generally enabled, or the current session is a non-session cookie (FE permalogin).

protected shallSetSessionCookie() : bool
Return values
bool

unpack_uc()

Unserializes the user configuration from the user record into $this->uc

protected unpack_uc() : mixed
Internal

updateLoginTimestamp()

Updates the last login column in the user with the given id

protected updateLoginTimestamp(int $userId) : mixed
Parameters
$userId : int
